Intelligent switching of client packets among a group of servers

ABSTRACT

The content-aware application switch and methods thereof intelligently switch client packets to one server among a group of servers in a server farm. The switch uses Layer 7 or application content parsed from a packet to help select the server and to schedule the transmitting of the packet to the server. This enables refined load-balancing and Quality of-Service control tailored to the application being switched. In an exemplary embodiment of the invention, a method includes maintaining a server load metric for each server in a group of servers; parsing application content from a packet; selecting a destination server from the group of servers, wherein selecting the destination server is dependent on the server load metric for each server, assigning a priority to the packet, the priority being dependent on the application content; and dropping the packet if the priority comprises at least one of a predetermined type.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.13/356,316, filed Jan. 23, 2012, issued as U.S. Pat. No. 8,656,047 onFeb. 18, 2014 and entitled “INTELLIGENT SWITCHING OF CLIENT PACKETSAMONG A GROUP OF SERVERS”, which is a continuation of U.S. patentapplication Ser. No. 12/759,806, filed Apr. 14, 2010, issued as U.S.Pat. No. 8,122,146 on Feb. 21, 2012 and entitled “INTELLIGENT SWITCHINGOF CLIENT PACKETS AMONG A GROUP OF SERVERS”, which is a continuation ofU.S. patent application Ser. No. 12/235,367, filed Sep. 22, 2008, issuedas U.S. Pat. No. 7,937,490 on May 3, 2011 and entitled “IntelligentSwitching of Client Packets Among a Group of Servers”, which is acontinuation of U.S. patent application Ser. No. 11/218,444, filed Sep.2, 2005, issued as U.S. Pat. No. 7,437,473 on Oct. 14, 2008 and entitled“Packet Switch and Method Thereof Dependent on Application Content”,which is a continuation of U.S. patent application Ser. No. 09/883,852,filed Jun. 18, 2001, issued as U.S. Pat. No. 6,944,678 on Sep. 13, 2005and entitled “Packet Switch and Method Thereof Dependent on ApplicationContent”, the disclosures of which are incorporated herein by reference.

FIELD OF THE INVENTION

This invention relates to client-server computing systems operatingunder the Internet Protocol, and more particularly to a switch andmethods for switching client IP packets in a prescribed order to aserver selected from a group of servers.

With the advent of the World Wide Web (“WWW”), a universal client-servercomputing platform has emerged on the Internet. A very large number ofweb-servers on the Internet are serving web applications, which interactwith web browsers acting as clients. A web application is typicallyorganized into a hierarchy of webpages, scripted in Hypertext MarkupLanguage (“HTML”) and/or Extensible Markup Language (“XML”). It operatesunder the Hypertext Transfer Protocol (“HTTP”). A web application coulditself be a suite of applications, including access and manipulation ofdatabases, media and other resources hosted on one or more servers.

The resources provided by the servers are called up by their respectiveUniform Resource Locator (“URL”). Generally, an URL will contain an IPaddress that points to a server followed by additional pointers to filesresiding on the server. In the case of a web application, a clientbrowser can therefore access a webpage or a link by its URL. Inparticular, the browser typically first accesses the web application byits website address, which is a portal address of the application,calling up a homepage with links to the hierarchy of webpages. Forexample, a commercial entity may create an on-line shopping site,www.onlineshop.com, for customers to browse and purchase merchandise onthe Internet. The domain name address “www.onlineshop.com” is an aliasfor the IP address that points to where the application resides on theInternet.

One problem this new computing paradigm presents is the need for theserver hosting a web application to meet the potentially huge demandfrom the clients. The global nature of the Internet has meant that atany time there could be millions of clients attempting to access thesame web application. A common solution is to host the web applicationin a data center.

FIG. 1 illustrates a data center hosting the web application by means ofa server farm. Multiple replicas of the web application are madeavailable from a group of servers, known collectively as a “serverfarm”. The data center provides a multiplicity of web servers and otherrelated servers for hosting multiple copies of a web application andrelated resources. This architecture allows easy scaling of resourcecapacity to meet increased demand. When a client request comes in, aLAN/Web switch performs a load balancing function by connect it to oneof the less busy servers in the group.

The URL of the website for the web application now points to the LAN/Webswitch so that when a browser addresses the web application, the clientpackets are initially directed to the LAN/Web switch. The LAN/Web switchthen switches the packets to one of the less busy servers in the datacenter based on load-balancing considerations. The switching is doneusing information associated with Layers 2-4 of the Open systemInterconnection (“OSI”) model, or the more specific Transmission ControlProtocol/Internet Protocol (“TCP/IP”).

FIG. 2 is a table illustrating the protocol layers of the OSI model, thecorresponding TCP/IP protocol stacks, and the types of conventionalswitching and routing operable at each layer. According to the OSImodel, each device on a network implements the seven OSI layers in amodular fashion. Starting with Layer 7, which is a software applicationat the top, each layer communicates with its immediate layers. As thelayers get lower, the information to be sent out is increasing packagedfor the specific hardware of the device, ending in Layer 1, which is thephysical communication channel itself. Under TCP/IP, Layers 1-2 areimplemented as a subnet (or MAC) stack, Layer 3 as the Internet (or IP)stack, Layer 4 as the transport (or TCPIUDP) stack, and Layers 5-7 asthe Application stack. Each stack is usually implemented by a softwareand hardware combination. Typically, data is generated by a firstnetwork device and is processed down the protocol stacks, from Layer 7to Layer 1, into a packet, with each stack adding a header to thepacket. The packet can then be sent via a physical channel to a secondnetwork device. The second network device processes the packet up thestacks starting from Layer 1, and unwraps the respective headers afterterminating them at their associated stacks. At Layer 7, the applicationdata of the first device is retrieved for interaction with theapplication of the second device.

FIG. 3 illustrates the various headers of an IP packet. Each IP packetconsists of a data portion for carrying the data payload and a headerportion for carrying overhead information. The header portion is furtherpartitioned into layer- or protocol-dependent headers. For example, aLayer 2 or MAC header includes a destination MAC address and a sourceMAC address that respectively specify the destination and sourcehardware addresses of a node in a subnet. On a LAN, an IP packet isdirected to a destination device by its destination MAC address. A Layer3 or IP header includes a source IP address and a destination IP addressthat respectively specify the IP addresses of the source and destinationnodes on the Internet. On the Internet, an IP packet is directed to adestination device by its destination IP address. A Layer 4 or TCPheader includes a source TCP port and a destination TCP port thatrespectively specify the port numbers used by the source node and thedestination node. On a device, an IP packet is directed to a destinationport by its port number. In general, transporting a packet from onelocation to other requires processing of Layers 2-4 header information.

The data portion of the IP packet contains Layer 7 information, which isdata generated by the application. In web applications, the data willinclude HTTP headers. Since HTTP is not one of the basic OSI or TCPprotocols, but a High level protocol associated with web applications,its header is therefore regarded as application data and thereforelocated in the data portion of the IP packet. The HTTP header includesan URL field for specifying the URL the packet is requesting. It mayalso include a cookie field for the application to communicateenvironmental information with the client.

As mentioned earlier, each device communicating on the Internetimplements the TCP/IP stacks. For example, when a client computerrunning a browser requests a web page from a server, the client packetsare typically routed by a number of routers and possibly a web switchbefore reaching the destination server. When a router intercepts thepackets, it is processed from Layer 1 up to Layer 3, so that Layer 3information such as the source and destination IP addresses can beextracted in order for the router to route the packet to the nextdevice. When the packets get to a conventional Web switch, the packetsare only processed from Layer 1 up to Layer 4. In general, the upperlayer information can only be obtained after the all the lower layerstacks have been processed or “terminated”. Thus, the upper or deeperlayer information of an IP packet requires more processing to obtain.

FIG. 2 also lists the common types of routing and switching that cantake place at the various layers. LAN switches, such as an Ethernetswitch for a LAN operate at Layer 2 or the subnet stack of TCP/IP.Routers, operating at Layer 3 or the network layer, allow IP switchingin which IP packets may be routed to a node having an IP address on theInternet. A router basically examines the destination IP address on apacket, looks up its routing table for the output port number in orderto send the packet to the next node.

As mentioned earlier, a web switch is employed to switch an incomingclient packet to one of many parallel web servers in a data center. Inconventional implementations, its primary task is to perform aload-balancing function, i.e., to distribute an incoming packet to theleast busy server among the server farm. This is accomplished bymonitoring the load condition of each server, and dynamically changingthe IP and MAC addresses of a packet so that the packet is directed tothe least busy server.

In order to select the appropriate server, it is sometime necessary toconsider the type of service being requested. For example, the datacenter may have a group of HTTP servers dedicated for web service; or agroup of S-HTTP servers dedicated for secure web service; or a group ofSMTP servers dedicated for Simple Mail Transfer Protocol service; or agroup of FTP servers dedicated for File Transfer Protocol service. Inthat situation, it is necessary for a web switch to determine the typeof service requested in order to select a server from the appropriategroup. When the service is associated with a particular transportprotocol, Layer 4 header information will be useful in helping to selectan appropriate server.

FIG. 4 illustrates conventional TCP port assignments for some of themore standard services. The Layer 4 header of a packet contains thedestination TCP port number. By convention if the destination TCP portnumber is 80, it can be assumed that the packet is associated with HTTPprotocol and therefore a web application. Similarly, if the port numberis 25, the service is assumed to be SMTP, or if the port number is 20,the service is assumed to be FTP, etc.

Thus, existing web switches are capable of switching an incoming packetto the most appropriate server, based on server load conditions and/orLayer 4's transport layer information. More recently, there have evenbeen suggestions of more refined load balancing based on Layer 7, orapplication layer information, taking into account information derivedfrom the HTTP header, such as URL and cookie.

Also, there have been suggestions of making web switches capable ofswitching with some notion of Quality-of-Service (“QoS”). This is inview of certain applications, such as those involving Voice-Over-IP(“VoIP”) service under the H.323 standard, requiring a minimum standardfor connection stability, low latency and bandwidth. The suggestedsolution is to provide dedicate VoIP servers that can provide thenecessarily quality of service for this purpose, and to have the webswitch recognize VoIP packets through Layer 4 information in order toswitch them to the VoIP servers. Thus QoS is provided essentially byswitching the packets associated with a special application to a serverdedicated to serving such special application.

Generally, load-balancing schemes enable the capacity of a website to bescaled to meet demand, and existing QoS schemes allow switching to adedicated server that can provide the required quality of service.However, due to the enormous number of clients on the Internet thatcould potentially access a website, there will be times when thebudgeted capacity of a website is exceeded. This is especially the caseduring certain peak times when a website could experience spikes indemand. For example, an online merchandising website could be especiallybusy during holiday seasons when the demand could increase by orders ofmagnitude. Under those peak demand circumstances, no amount of loadbalancing will suffice since all the available servers in the serverfarm are already fully committed. When additional requests arrive, theweb switch can only make a best effort attempt to deliver the packets tothe saturated servers.

As the servers becomes busier with more requests, the quality of servicedecreases as a nonlinear functions of the number of requests. Withexisting web switch capabilities, once the server farm is saturated, thequality of service deteriorates drastically for all clients accessingthe website. There is no provision for distinguishing clients ofdiffering importance or to accord clients of high importancepreferential access. Nor is there provision for ensuring sufficientserver headroom so that clients of high importance will be served ondemand. For example, this would be of significance for an onlinemerchandising website during holiday seasons when excessive traffic mayreduce the website to a crawl or render it totally incapacitated. Itwould be desirable to give preferred customers preferential access. Apreferred customer may be one who is on a shopping cart page as comparedto a regular customer who is merely browsing the catalog. Conversely,when certain client packets are deemed less preferential, it would bedesirable to have a way to identify them and accord them with theappropriate quality of service, of lack thereof. In securityapplications, it would be desirable to be able to identify those packetsthat are “packet non-grata” and have the switch direct them elsewhere orto drop them altogether.

SUMMARY OF THE INVENTION

According to one aspect of the present invention, a content-awareapplication switch and methods thereof intelligently switches clientpackets to one server among a group of servers in a server farm. Theswitch uses Layer 7 or application content parsed from a packet to helpselect the best server and to prioritize the transmitting of the packetto the server.

In an exemplary embodiment of the invention, a method includesmaintaining a server load metric for each server in a group of servers;parsing application content from a packet; selecting a destinationserver from the group of servers, wherein selecting the destinationserver is dependent on the server load metric for each server, assigninga priority to the packet, the priority being dependent on theapplication content; and dropping the packet if the priority comprisesat least one of a predetermined type.

The application switch comprises a buffer controller, a packetclassifier, a set of tables, and a transmit controller. The buffercontroller is responsible for receiving, buffering and transmitting apacket on route to a server. The packet classifier parses the Layer 7 orapplication layer content from the packet and assigns to it a predefinedcontent class. The assigned content class identifies the nature of theapplication associated with the packet, and in combination with the setof tables, provides application-specific information for the transmitcontroller to perform load balancing and Quality-of-Service (“QoS”)control.

In a preferred embodiment, applications and therefore packets associatedwith them are assigned priorities as either being HIGH, MEDIUM, or LOW.A QoS controller included in the transmit controller maintains a set ofpacket queues for each server among the group of servers. Each setcontains three queues corresponding to the three priority types.

The queues are such that the lower priority queues are held back inresponse to the workload of its server reaching a predefined level.

The QoS controller schedules transmission of the packets by picking thepackets off the queues, such that HIGH priority queues are picked beforeMEDIUM priority queues, and MEDIUM priority queues are picked before LOWpriority queues. In addition, when picking the MEDIUM and LOW priorityqueues, the QoS controller is cognizant of the current workload of theserver and mindful that certain server headroom is maintained. Thisprovides provisioning of server headroom for high priority packetsduring switching of lower priority packets.

The invention provides improved load-balancing and Quality-of-Servicecontrol tailored to the application being switched. QoS control iseffected at the switch on a packet-by-packet level and is applicable toany server. This provides more flexibility and control compared toconventional implementations where applications requiring a high qualityof service are identified by their transport protocol and then directedto dedicated servers.

According to another aspect of the invention, a slow-start methodassigned an initially boosted server load metric to a server newly addedto a group of servers under load balancing. The method comprisesboosting the new server load metric to decrease, over a predeterminedperiod, the disparity between the server load metrics of the new serverand that of other servers in the group of servers. This alleviates theproblem of the new server being swamped initially due to a very low loadmetric compared to that of others in the group of servers.

In a preferred embodiment, the boosting is halved at predeterminedintervals until the boosting is reduced to unity when the disparitybetween the server load metrics is less than a predetermined amount.

According to yet another aspect of the invention a switching methoddependent on Layer 7 content is provided that avoids delayed binding ina new TCP session. Layer 7 content is not available during the initialhandshaking phase of a new TCP session. The method uses the Layer 7content from a previous session as an estimate to help select the serverand uses a default priority to scheduling the transmitting of thehandshaking packets. Updated Layer 7 content available after thehandshaking phase is then used to reset the priority for the transmitschedule and is available for use in load balancing of the next TCPsession. The inventive method enables content-aware switching withoutincurring delay and excessive processing while initially waiting forcontent to become available in order to make switching decisions.

Additional objects, features and advantages of the present inventionwill be understood from the following description of its preferredembodiments, which description should be taken in conjunction with theaccompanying drawings.]

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a data center hosting the web application by means ofa server farm.

FIG. 2 is a table illustrating the protocol layers of the OSI model, thecorresponding TCP/IP protocol stacks, and the types of conventionalswitching and routing operable at each layer.

FIG. 3 illustrates the various headers of an IP packet.

FIG. 4 illustrates conventional TCP port assignments for some of themore standard services.

FIG. 5 is a functional block diagram illustrating schematically acontent-aware application switch operating in an intelligent datacenter, according to a preferred embodiment of the present invention.

FIG. 6 is a table illustrating the various TCP/IP protocol stacks andOSI layers and associated messages or information the application switchemploys to perform switching.

FIG. 7 is a flow diagram illustrating a method of switching prioritizedpackets to one of a group of servers.

FIG. 8 shows the components of the application switch of FIG. 5 in moredetail.

FIG. 9 is a schematic illustration of the information carried in apacket tag.

FIG. 10A illustrates a content dictionary containing a set of predefinedpatterns indexed by content class.

FIG. 10B illustrates a policy table containing a set of predefinedpolicies indexed by content class.

FIG. 10C illustrates a server property table.

FIG. 10D illustrates a server state table.

FIG. 11 is a flow chart illustrating a load-balancing scheme based onweighed least connection.

FIG. 12 illustrates schematically the QoS controller of FIG. 8 in moredetail.

FIG. 13 is a table showing how the ActiveFlags are set as a function ofserver load.

FIG. 14 is a flow diagram illustrating a preferred schedule of packetprioritization for a given server port.

FIG. 15 illustrates schematically a Dynamic Server Weight that convergesto the Default Server Weight as the Current Load of the newly put onlineserver approaches the average Current Loads of the servers in a groupparticipating in load balancing.

FIG. 16A is a flow chart illustrating the process of adjusting theserver weight of the new server being added to the group of serversunder load balancing.

FIG. 16B is a flow chart illustrating the process of performing loadbalancing with the new server included in the group of servers underload balancing.

FIG. 17 illustrates the handshaking at the beginning of a TCP sessionbetween a client, an intermediate switch and a server under the TCPsplicing scheme.

FIG. 18 illustrates the streamlined TCP process of the presentinvention.

FIG. 19 is a flow chart illustrating the method of content-awareswitching without delay binding.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Content-Aware Application Switch

According to one aspect of the present invention, a content-awareapplication switch enables switching a client packet to a server among agroup of servers, where the selected server and the priority of thepacket are dependent on the content carried in the packet.

FIG. 5 is a functional block diagram illustrating schematically acontent-aware application switch operating in an intelligent datacenter, according to a preferred embodiment of the present invention. Anintelligent data center 10 is implemented by the deployment of acontent-aware application switch 20 to switch between servers in aserver farm 30. The server farm 30 comprises a group of web servers 32for hosting replicas of a web application to be deployed on the Internet50. The server farm optionally includes other servers, such as databaseservers 34 and media servers 36 for providing resources that may augmentor be required by the particular web application being deployed.Browsers on the Internet, such as a browser 60 running on a clientcomputer, can access the web application hosted in the data center 10via a WAN (wide-area network) router 40.

A browser accesses a web application by the URL pointing to the websitehosting the web application. In the simple case when a web server isaccessible directly from the Internet, the URL for the website will bethe IP address of the server. In the case of the data center, where theweb servers are behind the application switch 20 and not directlyaccessible, the URL for the website is a virtual IP address thatactually points to the application switch. Each server in the serverfarm 30 has its own IP address, which is a local IP address accessibleonly within the data center. The virtual IP address enables the clientpacket to be delivered to the switch. The switch selects a server anddelivers the packet to the selected server by addressing the server'slocal IP address. This switching process involves modifying thedestination IP address in each packet header from that of the switch tothat of the selected server. Likewise, the hardware MAC address in thepacket header is modified.

The application switch 20 basically receives packets from clients on theInternet, examines the content of the packets, and based on the content,prioritizes the packets and selects appropriate servers to send thepackets to. The application switch 20 comprises an IP bus 100 thatenables IP communications with the Internet 50 and the server farms 30.A buffer controller 120 temporarily stores packets passing through theapplication switch.

A packet classifier 140 snoops receive packets from the IP bus 100 so asto examine the content in each packet and classify the identifiedcontent pattern as one of predefined content pattern classes.

A transmit controller 160 uses the assigned content class to look up aset of tables 180 to determine transmit instructions for each packet.Ultimately, the transmit instructions determine which server the packetis to be directed to, and in what order. The transmit controllerincludes a load balancer 162 and a QoS controller 164. The load balancer162 selects a server that can best serve the request associated with thepacket based on the content class, server farm configuration and thecurrent loads of the servers. The QoS controller 164 prioritizes eachpacket based on the content class and the predefined policy for eachclass.

Once the transmit instructions have been determined for each packet, thetransmit controller cooperates with the buffer controller 120 to releasethe temporarily stored packets to the selected server according to theirdetermined priority.

Thus, it can be seen that packets are routed from the client 60 to theapplication switch 20 using Layer 3 information. From the switch to aselected server, Layer 4-7 information is used to select a server andset priority, and Layers 2-4 information is used to deliver the packetto the selected server.

FIG. 6 is a table illustrating the various TCP/IP protocol stacks andOSI layers and associated messages or information the application switchemploys to perform switching. As mentioned in the background section, aconventional web switch operates within a data center to switch packetsto one of a group of servers based on load-balancing considerations. Aserver is selected based on how busy each server is and what type ofrequest is carried by a packet. The type of request carried by a packetcan be determined by examining Layers 4-7 message.

The content-aware application switch 20 shown in FIG. 5, operates in asimilar environment as a web switch. It switches packets based oninformation or messages associated with Layer 7 as well as those oflower layers. However, unlike a web switch, not only is it aware ofLayers 2-7 messages, it also uses this information to prioritize thepackets as well as to select the most appropriate server. In otherwords, the application switch performs QoS control and load balancingbased on application-related information.

The application-related or Layer 7 message carried in a packet includesHTTP header and other HTTP payload such as data or other personalizedinformation. The information can be used to make switching decisionsbased on QoS considerations. For example, at an online merchandisingwebsite, the customer who is actually trying to buy an item can bedistinguished from another who is merely browsing a catalog by the webpage they are currently requesting. This information can be determinedfrom the URL contained in the HTTP header, since it actually points tothe current webpage. Similarly, the packets from a preferred customermay be identified by the cookie contained in the HTTP header. Based on aset predefined policies, the packets can be prioritized, with the higherpriority ones getting better quality of service (“QoS”).

FIG. 7 is a flow diagram illustrating a method of switching prioritizedpackets to one of a group of servers.

Buffering:

Step 200: Store an input packet in a buffer. The input packet istypically associated with a client request.

Content Classification:

Step 210: Parse out the Layer 7 content from the packet. Lower layerinformation is also parsed out to obtain various addresses, but Layer 7content provides information about the application associated with theinput packet.

Step 212: Assign a content class to the packet based on its parsedcontent by reference to a predefined set of content class definitions.

Load-Balancing:

Step 220: Select a destination server for the packet from among a groupof servers, where the server selection is a predefined function of theindividual server properties, including server loads, among the group ofservers.

Alternatively,

Step 220′: In another embodiment, select a destination server for thepacket from among a group of servers, where the server selection is apredefined function of the individual server properties among the groupof servers and the content class of the packet. The dependency oncontent class allows more refined load balancing. For example, thecontent class assigned to the packet allows identification of the groupof eligible servers for serving the application, and also the estimatedload the application placed on the selected server.

QoS Control:

Step 230: Queue the packet according to a priority that is given by apredefined function of content class.

Switching:

Step 240: Release the packet from the buffer to the designation serveraccording to a schedule that depends on the assigned priority and theproperties and workload of the destination server.

In the preferred embodiment, all packets belonging to the same TCPsession are assigned similar transmission characteristics and aretherefore treated as a group. Classification by the packet classifier140 need only be performed on a sample packet of the group. The transmitcontroller 160 then assigns the same classification to the rest of thepackets in the same TCP session. In this way, it has been estimated thatthe packet classifier need only process five percent of all packettraffic. A TCP session can be identified by the unique combination ofSource IP Address (Layer 3 header) and Source Port Number (Layer 4header).

FIG. 8 shows the components of the application switch of FIG. 5 in moredetail. The application switch 20 uses the IP bus 100 to communicatewith the Internet 50 on one side and the server farm 30 on the otherside (see FIG. 5). In one preferred embodiment, the IP bus interfaces onthe Internet side (ingress port) with a wideband network interface, suchas a 1 Gbps Ethernet port (not shown). On the server farm side (egressport), the IP bus interfaces with N (e.g., N=8) 10/100 Mbps Ethernetports 310, allowing connections to N servers 32. This provides athroughput of 1.28 Gbps full duplex across the application switch. Ingeneral N should be a number such that the throughput on the ingressport is commensurate with that of the egress port.

Buffer Controller

Packets entering the application switch 20 are temporarily stored in thebuffer controller 120. The buffer controller comprises a receiver 320, apacket buffer 322 and a transmitter 324. On the ingress side, clientpackets arriving from the Internet are picked up by the receiver 320from the IP bus. The receiver stores the packets in the packet buffer322 and also creates a packet tag for each stored packet. The packet tagis a token for the stored packet and is used by the transmit controllerto assign transmit instructions to the stored packet.

FIG. 9 is a schematic illustration of the information carried in apacket tag. It comprises a Packet ID field, a Buffer Address field, aPriority field, a Previous Packet ID field, a Next Packet ID field, anda Selected Server field. Packet ID serves as an index to the storedpacket. Buffer Address gives the memory location of the stored packet.Priority is determined from a classification of the packet content andis used to set the sending order of the packet to the selected server.The sending order is encoded in the linked list fields, Previous PacketID and Next Packet ID. Selected Server is the address (i.e. port number)of the selected server. The linked list fields and Selected Server fieldcontain transmit instructions that are assigned by the transmitcontroller.

Tables

Returning to FIG. 8, it will be understood that various components ofthe application switch communicate with each other by well known meansof internal buses, processors, memories and other glue logic, and arenot explicitly shown. Shown explicitly are those communication pathsthat help to illustrate functional relationships. In particular, whereinformation is stored and processed by a number of components, it ispreferably stored in the set of tables 180.

The tables include a TCP session table 182, an ACL (access control list)table 184, one or more server table 186, a class policy table 188 andothers. These tables are accessible by the various components of theapplication switch and will be described more fully in connection thesecomponents later. In the preferred embodiment, the tables are stored innon-volatile memory and loaded into random access memory (“RAM”) duringoperation.

The TCP session table 182 keeps track of TCP sessions. When a packet isreceived into the application switched, it is checked against the TCPsession table to see if it belongs to an existing TCP session. If thepacket is part of an existing TCP session, it will be assignedtransmission instructions similar to other packets of the same TCPsession. If the packet does not match any existing TCP session, a newTCP session will be registered in the TCP session table 182.

The ACL table 184 is a listing of access control instructions versuscontent class. Essentially, it allows a user or an administrator tocontrol access based on parsed Layer 2-7 information. In one embodiment,it is incorporated into the class policy table.

The class policy table 188 allows a user or an administrator to setpolicies or business rules to different content classes. In thepreferred embodiment, a priority is assigned to each content class.

Packet Classifier

As a receive packet is taken up by the receiver 320, a copy of it issnooped by the packet classifier 140. The packet classifier comprises acontent parser 340 that parses out content from the various headerfields and data portion (Layers 2 to 7) of the a packet. A content classclassifier 342 recognizes the parsed content as one of a set ofpredefined patterns and classifies each pattern by reference to acontent class dictionary 344.

FIG. 10A illustrates a content class dictionary containing a set ofpredefined patterns indexed by content class. The content classdictionary 344 is a table stored in memory that can be updated by a useror administrator. In one embodiment, it is included in tables 180.

Returning to FIG. 8, the content class classifier 140 assigns to thepacket a content class, which is then communicated to the receiver 320and the transmit controller 160.

Basically, Layer 2-4 information parsed by the packet classifier is usedby the receiver 320 to make a preliminary determination of what to dowith each packet. For example, the classification on (Layer 2-4) headersis useful for screening out uninterested web traffic. This includes:

a. Checking destination MAC address for Layer 2 switching;

b. Setting an Access Control List (“ACL”) by looking at TCP/IP headers,and returning a flag for reject or allowed packet traffic;

c. Identifying uninterested web traffic by looking at TCP/IP headers,such as user specified VIP and/or web service port numbers, andreturning a flag to indicate uninteresting web traffic and forwardingoutput MAC port number;

d. Identifying management traffic by looking at TCP/IP headers, such asthe appearance of the actual IP address of the application switch and/ornetwork management port numbers, and returning a flag to indicatemanagement traffic and forwarding output MAC port number.

In a preferred embodiment, Layer 7 information is also examined formaking a preliminary determination of what to do with each packet. Inparticular, the ACL is also controlled by application layer informationwhere packets carrying certain class of content are accepted, rejectedor redirected to a predetermined location.

If the receiver 320 determines from the Layers 3-4 information that thepacket is not related to web traffic, the transmit controller 160 willnot need the application layer (Layer 7) information from the packetclassifier 140. It will be notified by the receiver to process thetransmit instructions of the packet accordingly. Otherwise, the transmitcontroller will take the application layer information into account.

The classification on application layer (Layer 7) content makes itpossible to assign, in combination with the policy table 188, morerefined transmit instructions for a packet. In general, the inboundpackets are classified based on at least three categories ofinformation. The first one is related to the nature of the application.Different applications will be treated differently based on theirbusiness values. Different application can be identified by theassociated URL path information. The second is related to client'shistory. Based on the historical behavior of a client, the client can beassigned a priority. A specified cookie field can be used to accumulateclient history information, and be examined to classify the inboundpackets. The third category is related to client's browsing status. Thebusiness value associated with clients in different browsing stages willbe different. A client in a buying mode who has put items into theshopping cart and/or provided his/her credit card information has higherbusiness value than the clients in random surfing mode. The differentbrowsing stages can be determined by examining the URL paths (i.e., theweb pages being pointed to) and/or from specified cookie fieldsestablished to identify clients in different browsing stages.

The application layer classification therefore includes checking URL andCookie values, and return URL and Cookie Pattern index based on thesevalues. From the URL, the HTTP request method (GET, HEAD, POST, etc.) isalso examined. Policy can be set to disable certain methods, like PUT orDELETE. Examples of other possible URL patterns that may be checked,include: TABLE-US-00001 GET /subdir/filname.html (or HEAD, POST, PUT,etc.) GET /subdir/* .gif GET /(all.cgi, .bin, and .exe files) GET/*.asp?userid=1234 (or all userid between 100 and 500) Host:www.companyname.com Referer:http:/www.companyname0.com/subdir/filename.html

Examples of possible Cookie patterns that may be checked, includes:TABLE-US-00002 Cookie: ***; userid=1234; (or all userid between 100 and500) Cookie: ***; shoppingcartexists=yes; ***; shipping=fedex.

In a preferred embodiment, the packet classifier 140 is implemented withthe aid of a PAX.port 1100 Classification Processor manufactured bySolidum Systems Corp., Scotts Valley, Calif., U.S.A. Classification isonly performed on packets from the Internet side, i.e., ingress traffic,which will inspect all the packets at the speed of 500 Mbs (312K packetper second (pps), assuming 200 bytes of average packet size) and parsingof all Layer 2 to 7 fields.

Transmit Controller

The transmit controller's job is to use information parsed from a packetto assign transmit instructions for the packet in order to stage thepacket for transmission. In the preferred embodiment, the transmitcontroller performs an initial application-layer security screening bychecking against the ACL table 184. Dependent on the determined contentclass of the packet, the ACL table may prescribe that the packet is tobe dropped, or redirect to a predetermined location, or other actions.On the other hand, if the ACL table grant access for the packet to beswitched to a destination server among the server farm, the transmitcontroller will invoke the load balancer 162 and the QoS controller 164to provide transmit instructions for the packet.

In the preferred embodiment, the transmit instructions includespecifying which destination server the packet is to send to and withwhat priority. The destination server is determined by the load-balancer162 component of the transmit controller and the priority is determinedby the QoS controller 164 component. These determinations are made byreference to both the content class for the packet and tables containingserver and priority information.

FIG. 10B illustrates a class policy table containing a set of predefinedpolicies indexed by content class. The policy table 188 is a tablestored in memory that can be updated by a user or administrator. Itbasically codifies the relative importance of a packet with a givencontent class, based on business and other considerations. This isimplemented by a priority assigned to each class. In a preferredembodiment, the priority falls into one of three types: HIGH, MEDIUM,and LOW. In another embodiment, the priority type also includes REJECT,which means the packet is to be dropped. This will provide analternative implementation of application-layer security control. Forexpediency, the table also contains a Server Group field and a ClassWeight field. The Server Group field yields, for each class, a list ofeligible servers eligible to service the class. The Class Weight fieldprovides a relative estimate of the load presented to a server byapplications associated with this class. In the example shown in FIG.10B, the class policy table defines Priority, Server group, and ClassWeight as individual functions of content class.

FIG. 10C illustrates a server property table. The server property tableis part of the server table 186 shown schematically in FIG. 8. It listsall servers in the server farm and their properties and settings. Theserver properties include: the server's IP & MAC addresses; the maximumnumber of connections that the application switch can establish with theserver; the default server weight, which is an integer number indicatesthe relative power of the server, a LOW margin; and a HIGH margin. Thedefault server weight provides a weighted measure of the serverintrinsic capacity. The LOW and HIGH margins will be described inconnection with QoS control later.

FIG. 10D illustrates a server state table. The server state table is adynamic part of the server table 186 shown schematically in FIG. 8. Theserver state table stores server load metrics that include:CurrentConnections; CurrentLoad; DynamicServerWeight and a count, k. TheCurrentConnections indicates the current number of connections theapplication switch has established with the server. The CurrentLoad is aweighted summation of all current connections, i.e. a summation whereeach connection is weighted by the default server weight and also theclass load (see FIG. 10B) associated with each connection. TheDynamicServerWeight and the count, k will be described in more detaillater in connection with a slow-start server-selection method for anewly added server.

To determine a destination server for a packet, the load balancer 162(FIG. 8) uses the content class obtained from the packet classifier 140to look up the policy table 188 for a server group and a class load. Theload balancer then selects one server from the server group based onload-balancing considerations. The load balancer references the variousserver tables 186 and takes into consideration the properties and theserver load metrics of each server in the server group in order toselect a server best able to fulfill the request associated with thepacket in question.

At least four types of load-balancing schemes are applicable. The firstthree types are simpler, without considering the number of existingconnections on each server. For example, the first type is “RoundRobin”, which chooses a server among a group in turns. The second is“Weighted Round Robin”, which is similar to “Round Robin”, but eachserver is weighted by its DefaultServerWeight (FIG. 10C). The third is“Weighted Distribution”, which is similar to “Weighted Round Robin” inthat the servers are weighted, but it chooses a server by randomselection rather than going around the group in turns.

The fourth type of load-balancing scheme is “Weighted Least Connection”,which is the preferred scheme. It involves more computations butprovides a more refined balance. Basically, it selects a server with theminimum number of weighted connections (i.e. CurrentLoad). A weightedconnection takes into consideration that different class of requestspresents different load on a server as represented by the ClassWeightvalue given in the policy table of FIG. 10B. It also takes intoconsideration that each server also has a weight (represented byDefaultServerWeight in FIG. 10C) which allows some server to have moreconnections than others.

FIG. 11 is a flow chart illustrating a load-balancing scheme based onweighed least connection.

Step 370: Read the list of servers in ServerGroup. ServerGroup is thegroup of servers predetermined to be eligible for serving packets of agiven content class (see. FIG. 10B).

Step 372: Delete all servers with CurrentConnections+1>=MaxConnections.All servers in the group that are already connected to the maximum neednot be considered.

Step 374: For the remaining servers in the ServerGroup, select theserver with the smallest CurrentLoad.

Step 376: End.

Conventional load balancing mechanisms take into account only serverutilization factor. If all servers are busy, no one can get in since itgives no preferential treatment to traffic with higher business value.The present application switch 20 is capable of prioritizing all inboundpackets (i.e., packets on ingress traffic) according to predefinedbusiness values.

In the preferred embodiment, the QoS controller 164 (FIG. 8) sorts allinbound packets into three priority types, High, Medium, and Low, andplace packets of different types into queues of different prioritylevels, based on the business values assigned to the traffic. Packets indifferent type queues will be managed differently. When all servers arebusy, the application switch will give preferential treatment to theHigh priority inbound packets, and delay and/or discard Medium and Lowpriority inbound packets. Using this mechanism, the application switchcan allocate more server resource to traffic with higher businessvalues.

FIG. 12 illustrates schematically the QoS controller of FIG. 8 in moredetail. As packets are received by the Application switch 20, theircorresponding packet tags are being handled by the transmit controller160 (see FIG. 8). The QoS controller 164 effectively sorts the packettags into a series of queues. There is one set queues for each of the Nservers. Each set of queues, such as that for Port 1 connecting toserver 1 (see FIG. 8), comprises a High priority queue 410, a Mediumpriority queue 420, and a Low priority queue 430. The queues areFirst-In-First-Out (“FIFO”) queues. As the packet tags are received, theQoS controller puts each tags into one of the queues according to itsassigned transmit instructions, i.e. selected server and priority. Thus,if a packet tag has the transmit instructions of “server 1” and “Mediumpriority”, it will be queued in the Medium priority queue 420 associatedwith Port 1.

The transmit scheduler 360 effectively generates a transmit queue bypicking off the packet tags from the various queues according apredefined schedule and sends the prioritized transmit packet tags tothe transmitter 324 of the Buffer controller 120 (see FIG. 8). Thepredefined schedule is based on the following requirements. Packetsshould be generally be ordered according to their assigned priority, butalso in regard to how busy is the destination server. The secondconsiderations allows management of server headroom, so that at any timea server would not be totally swamped by lower priority requests in theabsence of High priority requests.

The transmit scheduler schedules removal of the packet tags from eachqueue with the aid of two flags. The EmptyFlag indicates whether thequeue is empty (=1) or nonempty (=0). When a queue is non-empty, it isready for packet removal, subject to the condition of the ActiveFlag.The ActiveFlag is used to implement server headroom and indicateswhether the queue is active (=1) or not active (=0) for packet tagremoval. When a queue is inactive, it is in a “sleep” state, and can beused to hold back lower priority packets. In general, there will be aset of these two flags for each queue. The ActiveFlags such asHActiveFlag 414, MActiveFlag 424 and LActiveFlag 434 are updateddynamically at predetermined intervals based on the load of theassociated server. Thus, for the High priority queue 410, thecorresponding flags are HEmptyFlag 412 and HActiveFlag 414. For theMedium priority queue 420, the corresponding flags are MEmptyFlag 422and MActiveFlag 424. For the Low priority queue 430, the correspondingflags are LEmptyFlag 432 and LActiveFlag 434.

FIG. 13 is a table showing how the ActiveFlags are set as a function ofserver load (i.e. how busy the server is). Each server has load metricsto measure what it considers busy (see FIG. 10C). “Max Load” is a loadlevel where the server is about to saturate. “LOW Margin” is a loadlevel where the server is not busy and therefore has much headroom.“HIGH Margin” is a level where the server is quite busy and thereforehas a little headroom left. It can be seen that, among the threepriority queues, packet tags in the High priority queue will be servedfirst without regard to server workload condition. Thus, HActiveFlag isactive for packet removal (“1”) for all server load conditions. Thepacket tags in the Medium priority queue are active for removal onlywhen the server load is below the HIGH margin mark. If the server loadis above the HIGH margin mark, the removal of the Medium priority packettags is slowed by putting the queue to sleep in alternate intervals. Inthe case of Low priority packet tags in the Low priority queue, they areactive for removal only when the server load is below the LOW marginmark. When the server load is in the region between the LOW and HIGHmargin marks, the removal of the Low priority packet tags are slowed byputting the queue to sleep in alternate intervals. When the sever loadis above the HIGH margin mark. The Low priority queue is put to sleep.

In addition to the sleeping times for Medium and Low priority queues,there are also maximum queue size thresholds for both Medium and Lowpriority queues. When the Medium (Low) priority queue reaches themaximum queue size, the oldest packet tags in the Medium (Low) priorityqueue will be discarded. Since High priority packet tags will be servedfirst and there is likely no large queue size built up for these packettags, there will be no maximum queue size restriction for them.

FIG. 14 is a flow diagram illustrating a preferred schedule of packetprioritization for a given server port.

High Priority Queue

Step 450: While there is a packet tag in the High priority queue and thequeue is active, transfer the packet tag to the transmitter. Otherwisego to Step 460.

Medium Priority Queue

Step 460: Do Steps 462 while the High priority queue is empty, otherwisego to Step 450.

Step 462: While there is a packet tag in the Medium priority queue andthe queue is active, transfer the packet tag to the transmitter.Otherwise go to Step 470.

Low Priority Queue

Step 470: Do Step 472 while the High priority queue is empty, otherwisego to Step 450.

Step 472: Do Step 474 while the Medium priority queue is empty,otherwise go to Step 462.

Step 474: While there is a packet tag in the Low priority queue and thequeue is active, transfer the packet tag to the transmitter, otherwisego to Step 480.

Step 480: End.

For N server ports, when more than one port has a non-empty Highpriority queue, the transmit scheduler transfers the packet tags fromthe plurality of non-empty High priority queues in an equitable manner,such as using a “Round Robin” schedule. The Medium and Low priorityqueues are treated similarly.

Referring again to FIG. 8, the transmit scheduler 160 effectivelytransfers the packet tags to the transmitter 324 as a transmit queue inthe order prescribed by the schedule described above. In the meantime,an address modifier 366 in the transmit controller modifies the packetsin the packet buffer 322 corresponding to the packet tags. It modifiesthe Layer 2-4 destination addresses to that of the designation server.In this way, when the transmitter 324 releases the packets in the packetbuffer onto the IP bus 100, according the packet tags in the transmitqueue, the packets will have the correct addresses to proceed to theirrespectively selected server.

Traffic from a server back to the client is usually deterministic andthe application switch merely performs the function of changing the IPand MAC addresses of a packet from that of the switch to that of theclient. This is implemented by TCP splicing or Network AddressTranslation (“NAT”).

The application switch is preferably implemented by a collection oftightly coupled application-specific integrated circuits (“ASICs”). Inthe preferred embodiment, a network processor, embodied by multipleprogrammable microengines and a core processor, is used to implement andmanage the various components. An example of such a network processor isIntel IXP 1200 Network Processor manufactured by Intel Corporation,Santa Clara, Calif., U.S.A.

Slow-Start New Server Selection

According to another aspect of the invention, a slow-start serverselection method is advantageous employed to alleviate the problem of aserver newly put online from being swamped due to existing loadbalancing schemes.

The four established load balancing algorithms identified earlier do notaddress the problem when a new server is brought up online among a groupof servers participating in load balancing. The newly added server, byvirtue of an initial low workload, can be flooded with new requests,which will quickly degrade the service quality perceived by the users.This is because these algorithms take into account only serverutilization factor, (e.g., selecting a server with the least workload)resulting in the selection tipping heavily towards the newly addedserver.

As described earlier, the preferred load-balancing scheme is “WeightedLeast Connection”, which selects a server with the minimum CurrentLoad,where CurrentLoad=number of weighted connections=Summing over{DefaultServerWeight*ClassLoad(i)}, where i=1 to CurrentConnections.(See FIGS. 10B, 10C, 10D).

In the slow-start load-balancing method, the server load metric for anewly added server has a configurable server-weight factor. In thecalculation for CurrentLoad, the DefaultServerWeight is replaced by aDynamicServerWeight (see FIGS. 10C and 10D). The DynamicServerWeight isinitially made larger but eventually converges to the value of theDefaultServerWeight. Generally, the DynamicServerWeight is such that itreduces the disparity in the normalized CurrentLoads (i.e., CurrentLoadnormalized by ServerWeight) of the new server and a typical server amongthe group. In this way, the chance of the new server always having thesmallest normalized CurrentLoad and therefore always being selected isreduced. As the new server establishes more connections with theapplication switch, the DynamicServerWeight is gradually reduced untilit becomes the same as the Default Server Weight. At this point, the newserver's normalized CurrentLoad will have increased to a level similarto the rest of the server group.

FIG. 15 illustrates schematically a DynamicServerWeight that convergesto the DefaultServerWeight as the normalized CurrentLoad of the newlyput online server approaches the average normalized CurrentLoad of theother servers in a group participating in load balancing. In a preferredembodiment, DynamicServerWeight=^(2k)DefaultServerWeight, where k is aninteger initially set to equal SlowStartCount, which is a configurablenumber. In this way, DynamicServerWeight converges toDefaultServerWeight as k is counted down to zero during a period thatthe normalized CurrentLoad of the new server increases to approach alevel similar to that of the rest of the servers in the groupparticipating in load balancing. For example, initially k=5, and eachtime the disparity is reduced by a factor of two, k is reduced by one.

FIGS. 16A and 16B are flow charts illustrating load-balancing with anewly incorporated server, according to one preferred embodiment of theinvention.

In a preferred implementation, there are three processes. The first isthe initialization process of setting an initial value for theServerWeight of the new server. The second is switching a packet subjectto load balancing with the group of servers, including the new server.The third is to adjust the ServerWeight of the new server to converge toDefaultServerWeight over a predefined period during load balancing.

FIG. 16A is a flow chart illustrating the process of adjusting theserver weight of the new server being added to the group of serversunder load balancing.

Step 510: Initialize k=SlowStartCount.

Step 512: Set ServerWeight=DynamicServerWeight=2^(k)DefaultServerWeight,go to Step 540.

Step 540: At predefined intervals while load balancing is ongoing (seeSteps 530 and 532), test if k=>0?, if so, go to Step 542, else go toStep 550.

Step 542: Set k−1, decrementing the server-weight factor by half, thengo to Step 512.

Step 550: End.

This is the point where k is zero, and the new server has a ServerWeightDefaultServerWeight. Its CurrentLoad normalized by itsDefaultServerWeight is similar to that of the other servers in thegroup.

FIG. 16B is a flow chart illustrating the process of performing loadbalancing with the new server included in the group of servers underload balancing. Load balancing can begin as soon as the ServerWeightsfor all the servers, including the newly added one, is set, as in Steps512 and 520.

Step 530: Compute CurrentLoad of the server using ServerWeight.

Step 532: Select a server based on CurrentLoads among the Server Group.

Content-Aware Switching Without Delayed Binding

According to another aspect of the invention, a method is provided toperform content-aware switching without incurring delay and excessiveprocessing while initially waiting for content to become available inorder to make switching decisions.

The servers in a data center/call center can be the performancebottleneck for web applications in many cases. All existingload-balancing algorithms mostly use Layers 3 and/or 4 information toselect a server.

As described earlier, different web applications may have differentrequired server load implications. This information is derivable byidentifying from the application layer (Layer 7) the class ofapplication and associating it with a ClassWeight (see FIG. 10B). Loadbalancing is more refined when Class Weight is taken into consideration.

However, application layer information typically arrives after theinitial TCP handshaking process. The first few packets used forhandshaking purposes carry no application layer information. Thus, ifload balancing is also dependent on Layer 7 information, the switch willhave to wait until after the handshaking is completed to obtain it inorder to select a server (delayed binding). The former treats allapplications on the same server group equally and does not take intoaccount the difference in load demand by different applications. Thelatter uses TCP splicing and is process intensive.

FIG. 17 illustrates the handshaking at the beginning of a TCP sessionbetween a client, an intermediate switch and a server under the TCPsplicing scheme. First the client initiates a TCP session with theswitch. The first three packets exchanged are for handshaking betweenclient and switch. The application layer packets come after thehandshaking packets. The switch then uses the application layerinformation to make switching decisions. Thereafter, the switchinitiates another TCP session with the selected server. This tandemprocess of TCP splicing is inefficient and process intensive but isnecessary if application layer information must first be obtained by theswitch in order to select a server to switch to.

The present invention prescribes using application layer (Layer 7)information to perform load balancing as soon as the first handshakingpacket from a new TCP session arrives. This is accomplished by using theapplication layer information from a previous TCP session as a bestestimate for the new session. This scheme works if there is only oneserver group in the server farm, as is typical, and therefore Layer 7information is not necessary to select a server group. Thus, loadbalancing is performed on the basis of workloads of servers based ondata from a previous TCP session. Since a server can be selected on thefly, the handshaking packets can be sent directly to the server withoutperforming the tandem process of TCP splicing.

FIG. 18 illustrates the streamlined TCP process of the presentinvention. When the switch receives a handshaking packet, a server isselected based on the servers' load metrics, which are dependent onLayer 7 information of a previous session. The packet is redirected onthe fly to the server. Similar, the returned packet from the server isredirected at the switch on the fly to the client. As soon as a packetcarrying Layer 7 information arrives, the switch uses it to update theserver load metric so that it can provide the most current estimate forthe next TCP session.

As for QoS control, the few handshaking packets at the beginning of anew TCP session are assigned a default High priority so that thehandshaking process can be completed without delay and the Layer 7information be available as soon as possible. When the Layer 7information becomes available, it will be used to prioritize the currentpackets in the manner described earlier.

FIG. 19 is a flow chart illustrating the method of content-awareswitching without delay binding.

Step 600: If the packet is a first handshaking packet, go to Step 610,else go to Step 620.

Step 610: Retrieve existing server load metrics for the group of serversunder loads balancing. These existing server load metrics have beenupdated based on application layer information of a previous TCPsession.

Step 612: Select a server from the group of servers based on theexisting server load metrics.

Step 614: Set the packet to a default priority. Go to Step 630.

Step 620: If the packet a handshaking packet, go to Step 622, else go toStep 630.

Step 622: If application layer information for current TCP session hasalready been obtained, go to Step 624, else go to Step 630.

Step 624: Use the application layer information from the packet to setpriority for the packet.

Step 626: Use the application layer information from the packet toupdate the server load metrics. The server load metric will be used inthe next TCP session to select a server. Go to Step 630.

Step 630: Direct the packet to the selected server according to apredefined schedule dependent on the assigned priority.

Step 640: End

Thus it is possible, by the present invention, to implementapplication-aware load balancing and QoS control without having to usedelayed binding. The server load metrics used in the load-balancingalgorithm are updated based on application layer information after aserver is selected. This way, the server selection process does not needto “wait” (hence requiring delayed binding) for application layerinformation to arrive in order to select a server for the “current”request. However, after the application layer information is available,the server load metric is updated based on the application and hencereflected on the next server selection process.

While the embodiments of this invention that have been described are thepreferred implementations, those skilled in the art will understand thatvariations thereof may also be possible. Therefore, the invention isentitled to protection within the full scope of the appended claims.

What is claimed is:
 1. A method comprising: parsing application contentfrom a packet; selecting a destination server from a group of servers,wherein selecting the destination server is dependent on a load metricfor each server; assigning a priority to the packet, the prioritydependent on the application content; and dropping the packet if thepriority comprises a predetermined type.
 2. The method of claim 1,further comprising transmitting the packet to the destination serveraccording to a transmitting schedule, the transmitting schedule beingdependent on the priority.
 3. The method of claim 1, further comprisingreferencing an access control list to enforce security, the accesscontrol list being dependent at least in part upon the applicationcontent.
 4. The method of claim 3, wherein referencing an access controllist further comprises dropping the packet if the application contentcomprises a first predetermined type.
 5. The method of claim 4, whereinreferencing an access control list further comprises redirecting thepacket to a predetermined location if the application content comprisesa second predetermined type.
 6. The method of claim 1, wherein thepriority comprises at least one of a first priority and a secondpriority, the second priority being lower than the first priority,wherein the destination server has a workload above a firstpredetermined level, and the transmitting schedule is constructed suchthat, if the packet comprises the first priority then the packet istransmitted to the destination server without delay and if the packetcomprises the second priority then the packet is held back from beingtransmitted to the destination server.
 7. The method of claim 1, furthercomprising at least one of: determining at least one eligible serverfrom among the group of servers, wherein determining at least oneeligible server is dependent on the application content; and selectingthe destination server from among the at least one eligible servers. 8.The method of claim 1, further comprising determining an estimatedapplication load for the destination server, the estimated applicationload being dependent at least in part upon the application content;wherein selecting a destination server is also dependent at least inpart upon the estimated application load.
 9. The method of claim 1,wherein the transmitting schedule is also dependent at least in partupon the server load metric for each server.
 10. The method of claim 1,wherein the application content comprises a Hypertext Transfer Protocolheader.
 11. A non-transitory computer readable medium, the computerreadable medium including instructions, which when executed performsteps comprising: parsing application content from a packet; selecting adestination server from a group of servers, wherein selecting thedestination server is dependent on a load metric for each server;assigning a priority to the packet, the priority dependent on theapplication content; and dropping the packet if the priority comprises apredetermined type.
 12. The non-transitory computer readable medium ofclaim 11, wherein the steps further comprise transmitting the packet tothe destination server according to a transmitting schedule, thetransmitting schedule being dependent on the priority.
 13. Thenon-transitory computer readable medium of claim 11, wherein the stepsfurther comprise referencing an access control list to enforce security,the access control list being dependent at least in part upon theapplication content.
 14. The non-transitory computer readable medium ofclaim 13, wherein referencing an access control list further comprisesdropping the packet if the application content comprises a firstpredetermined type.
 15. The non-transitory computer readable medium ofclaim 14, wherein referencing an access control list further comprisesredirecting the packet to a predetermined location if the applicationcontent comprises a second predetermined type.
 16. The non-transitorycomputer readable medium of claim 11, wherein the priority comprises atleast one of a first priority and a second priority, the second prioritybeing lower than the first priority, wherein the destination server hasa workload above a first predetermined level, and the transmittingschedule is constructed such that, if the packet comprises the firstpriority then the packet is transmitted to the destination serverwithout delay and if the packet comprises the second priority then thepacket is held back from being transmitted to the destination server.17. A method comprising: parsing application content from a packet;determining at least one eligible server from a group of servers,wherein determining at least one eligible server is dependent at leastin part upon the application content; selecting a destination serverfrom the at least one eligible server; determining an estimatedapplication load for the destination server, the estimated applicationload dependent at least in part upon the application content; assigninga priority to the packet, the priority being dependent at least in partupon the application content; and dropping the packet if the prioritycomprises a predetermined level.
 18. The method of claim 17, furthercomprising transmitting the packet to the destination server accordingto a transmitting schedule, the transmitting schedule being dependent atleast in part upon the priority and the server load metric for eachserver; wherein the step for selecting the destination server isdependent at least in part upon the server load metric for each serverin the group of servers and the estimated application load.
 19. Themethod of claim 17, wherein the application content comprises aHypertext Transfer Protocol header.
 20. The method of claim 17, whereinthe priority further comprises at least one of a first priority and asecond priority, the second priority being lower than the firstpriority, wherein the destination server has a workload above a firstpredetermined level of the at least one of a predetermined level, andthe transmitting schedule is constructed such that, if the packetcomprises the first priority then the packet is transmitted to thedestination server without delay and if the packet comprises the secondpriority then the packet is held back from being transmitted to thedestination server.